Like OP said, exploiters find new ways to bypass all the time, and this change has already probably been bypassed anyway, and reverting it will bring back NVIDIA Shadowplay, NVIDIA Ansel, and Vulkan.
It may not be possible but just a thought of mine.
3 Likes
You say this without reading the entire thread.
6 Likes
I do wanna add that we should still give Bitdancer the benefit of the doubt. They’re literally hired to improve security so whether or not there’s some quota they need to meet, it’s probably not entirely up to them to revert this change.
The reality is that this isn’t old Roblox anymore when there wasn’t as much to maintain and the Roblox team was still pretty small. In turn with how complex Roblox has become nowadays, they’re definitely caught up with bigger things behind the scenes.
It just sucks that both sides of the coin can’t come to a better resolution due to all these nuances because it’s no secret that Roblox prefers to either stay quiet or neutral on these topics and some players are always gonna take a mile when given an inch.
So as much as no one wants to admit it, we’re never getting that same small community understanding that existed way back when, hence why it’s inevitable the player experience will suffer. It’s just by nature things go down this route at some point.
6 Likes
Well atleast they’re doing something
Well yeah it sucks, because regardless of this change, it doesn’t change the amount of exploiters.
I’m actually working on a thread with Roblox_RTC about this, as it seems Roblox has no regard for the safety of users on their platform.
I was working on one before actually except I was worried about getting you in trouble by continuing to quote you, as I know it’s not your fault, but thanks to the anti-cheat stunt Roblox pulled with The Hunt: Mega Edition, I no longer need to.
Also, it’s a little frustrating to see community projects, made with passion and love, being completely killed off by anti-cheat updates (which we as developers don’t see the benefit of, and likely won’t at this rate), and are then told that it “was against ToS anyway”
Bloxstrap could potentially be seen as against ToS, yet that’s allowed, even despite Wave using it to some degree to bypass whatever it bypasses
Austin’s FPS locker was also technically against ToS, yet that was allowed until Roblox released an official update including something similar.
When do developers start to see an improvement?
We constantly lose features & functionality, exploiters run rampant regardless, methods to detect exploiters that we rely on are stripped away under complete BS pretexts (e.g. os.clock alt detection & null byte indexing)
What does $11m (plus whatever they paid for synapse) have to show for itself? because all I see is degradation, not improvement.
9 Likes
TL;DR:
Signature validation performs as designed. We are looking into issues on a case-by-case basis. We are not blind to the issues the community is facing, but we have to find a solution that alleviates security concerns as well as user inconvenience.
Wall of text:
As mentioned, almost all community projects violate the TOS to a certain degree. However, so far Roblox has chosen to avoid antagonizing the community by targeting these projects purposefully. The only exception was Wine, as it simply was not maintainable without severely compromising security on Windows (I have written about it extensively here on the forum).
Bloxstrap is less of an issue because it neither injects into the process nor does it perform any kind of repackaging. We haven’t blocked Sober because we don’t see a reason for it. However, I did make it clear to the Sober community that we might render it non-functional as a side effect of increased security as Sober is not officially supported by Roblox.
The same is true for all forms of custom shaders; we don’t explicitly block them (although we have seen shaders being used for cheating), but we can’t just allow random modules to be injected into our process space either, especially since our lenient handling of signed modules was the main attack vector of pretty much all recent Windows exploits.
Last but not least, there is a mix-up of non-Windows and Windows issues here in this thread. While it is true that we have seen a rise in Windows exploits and therefore we had to act on it, the majority of exploiters observed in the wild actually cheat from lesser protected platforms, so arguments such as “the new signature validation didn’t help, I still see an increase in cheating” are flawed if not taking the cheaters’ client platform into account.
This pretty much sums up everything that we have to say on this topic at this point in time. Thank you for reading.
22 Likes
When you refer to looking at issues on a case-by-case basis, does that also extend to software related to shaders like Nvidia Ansel and others, someone earlier had asked if there were plans to allow things like OBS game capture, and you said options are being currently evaluated?
7 Likes
Nvidia Ansel is not on the table at this time. Other issues mentioned in this thread are subject to evaluation.
9 Likes
You admitted yourself that anti-cheat without policy backing it does little to reduce this issue. These changes continue to be a negative because we see no improvements from them. This is because despite the improvements to the application’s security, those who circumvent them are allowed to run free without punishment. This is why you are seeing rises in Windows exploits despite the numerous patches put in place to try and deter them. You can’t prevent them, especially on a usermode anti-cheat, but you can detect them. So what does your company do with those detections? Shove them in their pocket, your own words.
Please try and work out a solution to this issue. I guarantee that if you had a strong policy in place you wouldn’t even need so many patches because so many would quit cheating out of fear of being banned in the first place.
5 Likes
Does that include the use of Vulkan layers since OBS game capture is a Vulkan layer if Vulkan is set as the rendering API? Because Vulkan layers cannot be “injected” they’re loaded by the Vulkan loader at runtime. As in, are Vulkan layers not off the table?
8 Likes
This is off-topic as this is a bug report. We addressed all the issues as reported by the OP, albeit probably not to their satisfaction. I’m going to go ahead and close the ticket.
3 Likes
If you can, please address OP’s final question about the Vulkan layers at least before closing
Vulkan layers are not off the table. However, supporting renaming the client to fake being another game is off the table for now. Keep in mind, that doesn’t mean it might not work in the future. Not supported means it might or might not work; we are not going to actively test for and fix it if it doesn’t work.
9 Likes
Thank you. I really do appreciate it, and that is great news; however, I’m not necessarily sure how that’s going to work with the code signing restrictions. Good luck with everything, and thank you very much.
7 Likes
Really appreciate the extensive responses, at least there’s closure to this topic even if it’s a little disheartening to hear.
5 Likes
How would shaders be used for cheating, I don’t get it?
this was actually a fiasco that happened with crytek w/ hunt: showdown
people was using reshade to cheat by using zoom filters or using the depth buffer to completely bypass fog or darkness. you can imagine this being an issue in competitive games on this platform, especially during The Hunt event which there was monetary reward
this is why you can’t have good things
8 Likes
Wow. Just goes to show people like to cheat in the most ridiculous ways.
As was said, the platform has a diverse range of games. Therefore, in my opinion, the best solution for the problem would be to allow the option for developers to decide whether they approve of shaders or not. Shaders are very beneficial for non-competitive games like roleplays, while they can be a detriment to competitive games such as shooters.
I’m speaking on behalf of developers - I had been using shaders for development until the recent change. It was a great way to capture high-quality footage from the game to be used later for thumbnails, gamepasses, or in-game content.
3 Likes
why is this bug report closed? it isn’t fixed
1 Like